I guess you are natting on the ASA because of the command "peer 16.16.4.2" on the client? If so remember to permit nat-t UDP:4500 through the ASA.
Also, I think the isakmp profile needs to map to the easyvpn group by adding:

crypto isakmp profile easyvpn
 client configuration group Easyvpn

Cheers.

On Wed, Jan 12, 2011 at 7:54 PM, Robert Gridley <[email protected]> wrote:
> Hi,
>
> I need help because I can't get this working:
>
> R4(Client)-----------------|ASA no NAT| ------------------- R2 (server)
>
> Easy VPN Client (R4):
>
> crypto ipsec client ezvpn Easyvpn
>  connect auto
>  group Easyvpn key cisco
>  mode client
>  peer 16.16.4.2
>  username cisco password cisco
>  xauth userid mode local
> interface FastEthernet0/0
>  ip address 12.12.6.4 255.255.255.0
>  duplex auto
>  speed auto
>  crypto ipsec client ezvpn Easyvpn
> !
> interface FastEthernet0/1
>  ip address 12.12.12.4 255.255.255.0
>  duplex auto
>  speed auto
>  crypto ipsec client ezvpn Easyvpn inside
> __________________________________________
> ASA (No NAT):
> access-list in-outside extended permit esp host 12.12.6.4 host 12.12.4.2
> access-list in-outside extended permit udp host 12.12.6.4 host 12.12.4.2 eq isakmp
> _______________________________________________________________________
> R2(Server):
> aaa authentication login userlist local
> aaa authentication login LINES line
> aaa authorization network groupist local
> crypto isakmp policy 10
>  encr 3des
>  authentication pre-share
>  group 2
> crypto isakmp key cisco address 0.0.0.0 0.0.0.0
>
> crypto isakmp client configuration group Easyvpn
>  key cico
>  domain cisco.com
>  pool ippool
>  acl split
>  save-password
> crypto isakmp profile easyvpn
>  match identity group Easyvpn
>  client authentication list userlist
>  isakmp authorization list groupist
>  client configuration address respond
>  virtual-template 2
>
> crypto ipsec transform-set myset esp-3des esp-sha-hmac
>
> crypto ipsec profile easyvpn
>  set transform-set myset
>  set isakmp-profile easyvpn
> interface Virtual-Template2 type tunnel
>  ip unnumbered FastEthernet0/0
>  tunnel source FastEthernet0/0
>  tunnel mode ipsec ipv4
>  tunnel protection ipsec profile easyvpn
>
> ip local pool ippool 12.12.22.1 12.12.22.5
>
> ip access-list extended split
>  permit ip 192.186.2.0 0.0.0.255 any
>
> Can somebody help me find where my failure is?
>
> Thanks,
>
> Bobby
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
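The NAT-T check suggested in the reply, as an added example that is not part of the original thread: a small Python audit of the ASA access-list as posted, listing which of the flows an IPsec client needs (IKE on UDP 500, NAT-T on UDP 4500, ESP) no entry permits. The function names and the REQUIRED table are this example's own, and it assumes host-to-host permit entries like the two in the post; `non500-isakmp` is the IOS keyword for UDP 4500, and a numeric `eq 4500` is accepted as well.

```python
import re

# ACL lines as posted in the thread (ASA "in-outside" list).
POSTED_ACL = """\
access-list in-outside extended permit esp host 12.12.6.4 host 12.12.4.2
access-list in-outside extended permit udp host 12.12.6.4 host 12.12.4.2 eq isakmp
"""

# Flows an IPsec client needs through a filtering device (example's own table).
REQUIRED = {
    "IKE (udp/500)": ("udp", 500),
    "NAT-T (udp/4500)": ("udp", 4500),
    "ESP (ip proto 50)": ("esp", None),
}
PORT_NAMES = {"isakmp": 500, "non500-isakmp": 4500}

ACE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+extended\s+permit\s+(?P<proto>\S+)\s+"
    r"host\s+(?P<src>\S+)\s+host\s+(?P<dst>\S+)(?:\s+eq\s+(?P<port>\S+))?\s*$"
)

def parse_acl(text):
    """Return (proto, src, dst, port) for each host-to-host permit entry."""
    entries = []
    for line in text.splitlines():
        m = ACE.match(line.strip())
        if not m:
            continue  # not a simple host-to-host permit; outside this example's scope
        port = m["port"]
        if port is not None:
            port = PORT_NAMES.get(port, int(port) if port.isdigit() else port)
        entries.append((m["proto"], m["src"], m["dst"], port))
    return entries

def missing_for_tunnel(text, client, server):
    """List required flows from client to server that no entry permits."""
    entries = parse_acl(text)
    missing = []
    for label, (proto, port) in REQUIRED.items():
        # An entry without "eq" permits every port of that protocol.
        ok = any(p == proto and s == client and d == server and q in (None, port)
                 for p, s, d, q in entries)
        if not ok:
            missing.append(label)
    return missing

if __name__ == "__main__":
    print(missing_for_tunnel(POSTED_ACL, "12.12.6.4", "12.12.4.2"))
```

Run against the posted list with 12.12.6.4 as client and 12.12.4.2 as server, it reports only the NAT-T flow as unpermitted.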
